Date: Thu, 11 Jan 2001 07:02:24 -0800 (PST) From: arc_of_avalon@yahoo.com To: freebsd-gnats-submit@FreeBSD.org Subject: misc/24254: Security hole in use of kbdcontrol Message-ID: <200101111502.f0BF2Oa46027@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 24254 >Category: misc >Synopsis: Security hole in use of kbdcontrol >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 11 07:10:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Arc >Release: 4.2-Stable >Organization: >Environment: FreeBSD selket.aww 4.2-STABLE FreeBSD 4.2-STABLE #5: Fri Dec 29 01:23:03 GMT 2000 root@selket.aww:/usr/src/sys/compile/SELKET i386 >Description: By default kbdcontrol is world executable and allows any local user to change the keyboards of all the vty's, including any that root is logged in to. This could allow a user to virtually disable the console (non-X11) which, when used to activate an unusable keymap, would require a reboot to correct. Note that kbdcontrol does not affect the keymap in X11. This bug seems to exist in all BSDs. >How-To-Repeat: As non-root, type kbdcontrol -l us.dvorak (or any non-qwerty keyboard, including one edited by the user in his home directory with all the keys set to "?" or similar). This will change the keyboard on all vty's and, if X11 is not running, would make it hard if not impossible (as would be the case with a keyboard full of ?'s) to change back. >Fix: This could be fixed by changing the permissions on kbdcontrol or only allowing root to change the keymap on all vty's (non-root only being able to change their own vty, which resets on logout). >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101111502.f0BF2Oa46027>